[como-devel] Como and sFlow

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello again,

I am trying to run como with sflow and I encountered some problems.

I enabeled the sflow sniffer in the configuration file:
sniffer "sflow" "localhost" "port=3001"

but como does not capture any traffic:
como -c mycomo.conf
[58876.539046 SU       ] 
----------------------------------------------------
[58876.539087 SU       ]   CoMo v2.0 #sh: ./comover-helper.sh: 
Permission denied (built Apr 30 2009 17:57:09)
[58876.539111 SU       ]   Copyright (c) 2004-2006, Intel Corporation
[58876.539124 SU       ]   All rights reserved.
[58876.539133 SU       ] 
----------------------------------------------------
[58876.539142 SU       ] ... workdir /tmp/comoOu6eYN
[58876.539159 SU       ] log level: ERROR WARNING NOTICE MESSAGE DEBUG
[58876.539199 SU       ] allocated 1073741824 of mapped memory
[58876.539874 SU       ] Initialized sniffer `sflow` on device `localhost`.
[58876.542610 SU       ] starting process STORAGE pid 88210/8
[58876.543081 SU       ] starting process CAPTURE pid 8822
[58876.544029 CA       ] sniffer sflow (localhost) started
[58876.547939 CA       ] adding module traffic
[58876.548068 CA       ] adding module flowcount
[58876.548179 CA       ] adding module protocol
[58876.548292 CA       ] adding module topaddr
[58876.560474 CA       ] adding module topports
[58876.561211 CA       ] adding module trace
[58876.561384 CA       ] adding module tuple
[58876.564474 CA       ] adding module apps
[58876.568699 SU       ] starting process EXPORT pid 8823 8/8
[58876.593033 CA       ] starting to capture packets; mdl 8/8
*- up 0d00h01m50s; mem 0/0/1024MB (0); pkts 0 drops 0; mdl 8/8 *

Do you have any idea why is not working? (I am sure that the sflow 
datagrams are send to this host)

I also tried to use flowtools. I am redirecting the sflow datagrams to 
flowtools:
sflowtool -p 3001 -c  flows.lyon.grid5000.fr -d 3000
flow-capture -b little -w /home/ogoga/flows/ -S 1 -n 550 0/0/3000

I enabled the flowtools sniffer:
sniffer "flowtools" "/home/ogoga/flows/2009/2009-05/*/ft-*" 
"sampling=128 stream"

but the problem here is that como is only reading files till the current 
moment, if afterwards flowtools is generating other files, they won't be 
read by como:
  como -c mycomo1.conf

opening file 
/home/ogoga/flows/2009/2009-05/2009-05-20/ft-v05.2009-05-20.180436+0200
[58096.562366 CA       ] sniffing from /home/ogoga/flows/2009/2009-05/*/ft-*
*no more files to read, but want more
    going to sleep for 10minutes*
[58096.582715 CA       ] no sniffers left. waiting for queries

Is there any way to force como to read the next files?

Thank you,
Oana